Filtered by vendor Sqlite Subscriptions
Total 58 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-8740 2 Debian, Sqlite 2 Debian Linux, Sqlite 2024-08-05 N/A
In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c.
CVE-2019-20218 5 Canonical, Debian, Oracle and 2 more 5 Ubuntu Linux, Debian Linux, Mysql Workbench and 2 more 2024-08-05 7.5 High
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
CVE-2019-19959 3 Canonical, Redhat, Sqlite 3 Ubuntu Linux, Enterprise Linux, Sqlite 2024-08-05 7.5 High
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
CVE-2019-19924 6 Apache, Netapp, Oracle and 3 more 6 Bookkeeper, Cloud Backup, Mysql Workbench and 3 more 2024-08-05 5.3 Medium
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
CVE-2019-19926 8 Debian, Netapp, Opensuse and 5 more 13 Debian Linux, Cloud Backup, Backports Sle and 10 more 2024-08-05 7.5 High
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
CVE-2019-19925 8 Debian, Netapp, Opensuse and 5 more 14 Debian Linux, Cloud Backup, Backports Sle and 11 more 2024-08-05 7.5 High
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
CVE-2019-19923 8 Debian, Netapp, Opensuse and 5 more 14 Debian Linux, Cloud Backup, Backports Sle and 11 more 2024-08-05 7.5 High
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
CVE-2019-19880 8 Debian, Netapp, Opensuse and 5 more 13 Debian Linux, Cloud Backup, Backports Sle and 10 more 2024-08-05 7.5 High
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
CVE-2019-19645 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-08-05 5.5 Medium
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
CVE-2019-19646 5 Netapp, Oracle, Siemens and 2 more 6 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 3 more 2024-08-05 9.8 Critical
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
CVE-2019-19603 6 Apache, Netapp, Oracle and 3 more 7 Guacamole, Cloud Backup, Ontap Select Deploy Administration Utility and 4 more 2024-08-05 7.5 High
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
CVE-2019-19317 4 Netapp, Oracle, Siemens and 1 more 5 Cloud Backup, Ontap Select Deploy Administration Utility, Mysql Workbench and 2 more 2024-08-05 9.8 Critical
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2019-19244 4 Canonical, Oracle, Siemens and 1 more 4 Ubuntu Linux, Mysql Workbench, Sinec Infrastructure Network Services and 1 more 2024-08-05 7.5 High
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
CVE-2019-19242 5 Canonical, Oracle, Redhat and 2 more 5 Ubuntu Linux, Mysql Workbench, Enterprise Linux and 2 more 2024-08-05 5.9 Medium
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
CVE-2019-16168 9 Canonical, Debian, Fedoraproject and 6 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2024-08-05 6.5 Medium
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2019-9937 1 Sqlite 1 Sqlite 2024-08-04 N/A
In SQLite 3.27.2, interleaving reads and writes in a single transaction with an fts5 virtual table will lead to a NULL Pointer Dereference in fts5ChunkIterate in sqlite3.c. This is related to ext/fts5/fts5_hash.c and ext/fts5/fts5_index.c.
CVE-2019-9936 1 Sqlite 1 Sqlite 2024-08-04 N/A
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.
CVE-2019-8457 5 Canonical, Fedoraproject, Opensuse and 2 more 5 Ubuntu Linux, Fedora, Leap and 2 more 2024-08-04 9.8 Critical
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
CVE-2019-5018 3 Canonical, Redhat, Sqlite 3 Ubuntu Linux, Enterprise Linux, Sqlite 2024-08-04 8.1 High
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability.
CVE-2020-35527 3 Netapp, Redhat, Sqlite 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Sqlite 2024-08-04 9.8 Critical
In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.